Why are my AJAX requests not extending an OWIN MVC session?
I ended up having some faulty assumptions. The AJAX requests were extending. The return of the 200 was throwing me off. After looking with fiddler at the actual response, I saw that with the change to OWIN, the 401 is actually moved in the response:
X-Responded-JSON: {"status":401,"headers":{...foo...}}
So, we ended up just setting the status of the response back to 401. That's probably horrible, but it fit our needs.
protected void Application_EndRequest() { var context = new HttpContextWrapper(Context); var header = context.Response.Headers["X-Responded-JSON"]; if (header != null && header.Contains("\"status\":401")) { Context.Response.Clear(); Context.Response.StatusCode = 401; }
Here's probably a more robust solution: OWIN: unauthorised webapi call returning login page rather than 401